Angel Canseco

**Name of the Vulnerable Software and Affected Versions** Motorola Device Manager version 2.4.5 **Description** The PST Service contains an unquoted service path in 'ForwardDaemon.exe'. This allows local users to inject malicious code that can be executed with elevated system privileges during service startup, potentially leading to arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Motorola Device Manager version 2.5.4 **Description** The MotoHelperService.exe service contains an unquoted service path, which occurs when a service executable path contains spaces and is not enclosed in quotation marks. This allows local users to potentially inject malicious code and execute arbitrary code with elevated system privileges during service startup. **Recommendations** Update Motorola Device Manager to a version later than 2.5.4.

**Name of the Vulnerable Software and Affected Versions** CONTPAQi AdminPAQ version 14.0.0 **Description** The software contains an unquoted service path issue in the AppKeyLicenseServer service, which operates with LocalSystem privileges. An attacker can exploit this to inject malicious code into the service binary path. This could lead to the execution of arbitrary code with elevated system privileges when the service starts. **Recommendations** Ensure the service path is properly quoted to prevent malicious code injection.